Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2011-AVI-260
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités ont été corrigées dans HP OpenView Storage Data Protector, qui permettent à un attaquant d'exécuter du code arbitraire à distance.
Description
Plusieurs vulnérabilités ont été corrigées dans HP OpenView Storage Data Protector :
- dans l'exécutable crs.exe la vérification des noms d'hôte, de domaine et d'utilisateur n'est pas correctement faite et peut conduire à l'exécution de code arbitraire via des requêtes TCP spécialement conçues ;
- le logiciel client ne vérifie pas correctement les arguments, fichiers et adresses associés à la commande EXEC_CMD et un attaquant peut en profiter pour exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HP OpenView Storage Data Protector versions 6.00, 6.10 et 6.11 pour Windows, Linux et Solaris.",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans HP OpenView Storage Data\nProtector :\n\n- dans l\u0027ex\u00e9cutable crs.exe la v\u00e9rification des noms d\u0027h\u00f4te, de\n domaine et d\u0027utilisateur n\u0027est pas correctement faite et peut\n conduire \u00e0 l\u0027ex\u00e9cution de code arbitraire via des requ\u00eates TCP\n sp\u00e9cialement con\u00e7ues ;\n- le logiciel client ne v\u00e9rifie pas correctement les arguments,\n fichiers et adresses associ\u00e9s \u00e0 la commande EXEC_CMD et un attaquant\n peut en profiter pour ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0921",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0921"
},
{
"name": "CVE-2011-0922",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0922"
},
{
"name": "CVE-2011-0923",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0923"
},
{
"name": "CVE-2011-0924",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0924"
}
],
"links": [],
"reference": "CERTA-2011-AVI-260",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-04-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans HP OpenView Storage Data\nProtector, qui permettent \u00e0 un attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans HP OpenView Storage Data Protector",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c02781143 du 25 avril 2011",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02781143"
}
]
}
CVE-2011-0921 (GCVE-0-2011-0921)
Vulnerability from cvelistv5 – Published: 2011-02-09 00:00 – Updated: 2024-08-06 22:05
VLAI?
EPSS
Summary
crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-057/"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-08-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-057/"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-057/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-057/"
},
{
"name": "46234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0921",
"datePublished": "2011-02-09T00:00:00",
"dateReserved": "2011-02-08T00:00:00",
"dateUpdated": "2024-08-06T22:05:54.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0923 (GCVE-0-2011-0923)
Vulnerability from cvelistv5 – Published: 2011-02-09 00:00 – Updated: 2024-08-06 22:05
VLAI?
EPSS
Summary
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8261",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8261"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8323",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8323"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-055/"
},
{
"name": "8329",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8329"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the \"local bin directory.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-08-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8261",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8261"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8323",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8323"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-055/"
},
{
"name": "8329",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8329"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the \"local bin directory.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8261",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8261"
},
{
"name": "ADV-2011-0308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "8323",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8323"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-055/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-055/"
},
{
"name": "8329",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8329"
},
{
"name": "46234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0923",
"datePublished": "2011-02-09T00:00:00",
"dateReserved": "2011-02-08T00:00:00",
"dateUpdated": "2024-08-06T22:05:54.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0922 (GCVE-0-2011-0922)
Vulnerability from cvelistv5 – Published: 2011-02-09 00:00 – Updated: 2024-08-06 22:05
VLAI?
EPSS
Summary
The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-056/"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46234"
},
{
"name": "20110207 ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516272/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-056/"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46234"
},
{
"name": "20110207 ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516272/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-056/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-056/"
},
{
"name": "ADV-2011-0308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "HPSBMA02654",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "46234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46234"
},
{
"name": "20110207 ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516272/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0922",
"datePublished": "2011-02-09T00:00:00",
"dateReserved": "2011-02-08T00:00:00",
"dateUpdated": "2024-08-06T22:05:54.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0924 (GCVE-0-2011-0924)
Vulnerability from cvelistv5 – Published: 2011-02-09 00:00 – Updated: 2024-08-06 22:05
VLAI?
EPSS
Summary
The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "20110207 ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516258/100/0/threaded"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-054/"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "20110207 ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516258/100/0/threaded"
},
{
"name": "HPSBMA02654",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-054/"
},
{
"name": "46234",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"
},
{
"name": "SSRT100441",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "ADV-2011-0308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0308"
},
{
"name": "20110207 ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516258/100/0/threaded"
},
{
"name": "HPSBMA02654",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130391284726795\u0026w=2"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-054/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-054/"
},
{
"name": "46234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0924",
"datePublished": "2011-02-09T00:00:00",
"dateReserved": "2011-02-08T00:00:00",
"dateUpdated": "2024-08-06T22:05:54.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…